is this a safe function for building a sql query?

Hi,
On a page I'm building I have several lists built by pulling in data from a MySQL db. These lists are practically all the same; only the table names really change.
Basically, rather than having the same blocks of code replicated everywhere, I've put together a function to cut down on my code. Several parameters can be passed into the function to specify the fields I want to pull in, whether the results are sorted, and any limit I may want to put in place. Does this look safe?

[code=php]function buildBlockList($all, $tableName, $sort, $limit = "") {

    // Each fragment is escaped and then pasted straight into the statement text.
    $sql = sprintf("SELECT
        %s
        FROM
        %s
        %s
        %s",
        mysql_real_escape_string($all),
        mysql_real_escape_string($tableName),
        mysql_real_escape_string($sort),
        mysql_real_escape_string($limit));

    $result = mysql_query($sql);

    if (!$result) {
        echo "Error retrieving list data";
        return; // nothing to iterate over
    }

    $resultBlockListlink_int_title = array();
    $resultBlockListlink_int = array();

    while ($resultBlockList = mysql_fetch_array($result)) {
        $resultBlockListlink_int_title[] = $resultBlockList['link_int_title'];
        $resultBlockListlink_int[] = $resultBlockList['link_int'];
    }
    $BlockListlink_int_titleSize = count($resultBlockListlink_int_title);

    for ($j = 0; $j < $BlockListlink_int_titleSize; ++$j) {
        echo '<li><a href="' . $resultBlockListlink_int[$j] . '">' . $resultBlockListlink_int_title[$j] . '</a></li>';
    }

}[/code]

Here is an example of calling the function:

[code=php]buildBlockList("link_int_title, link_int", "betting_exchange", "ORDER BY click_count DESC", "LIMIT 0, 5");[/code]

Thanks for any input!

PHP

1 Comment

@MrCoder Nov 07, 2008 — Why go to all that trouble when mysql[B]i[/B] does it all for you?
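Why the escaping in the question does not help, and what a safe version looks like: mysql_real_escape_string() only escapes the characters that matter inside a quoted string literal (quotes, backslashes, NUL and the like). None of the four arguments to buildBlockList() is placed inside quotes, so any value that contains none of those characters, such as a table name, an ORDER BY clause or a LIMIT clause, lands in the statement exactly as supplied. That is harmless while the arguments are hard-coded as in the example call, but the moment any of them is derived from request data the function is injectable. Identifiers and keywords cannot be bound as parameters either, so the fix is to validate them against a fixed list and to bind only the numeric LIMIT values through a mysqli prepared statement, along the lines of the comment above. The following is an added example, not code from the original post; the table list, column list, connection details and function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not code from the original post. A hardened replacement for
// buildBlockList(): identifiers come from a fixed whitelist, the sort direction
// is one of two literals, and the only caller-supplied values (LIMIT offset and
// count) are bound as integers through a mysqli prepared statement.
//
// Assumptions (hypothetical): $db is an open mysqli connection, and every table
// in ALLOWED_TABLES has the columns link_int_title, link_int and click_count.

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

const ALLOWED_TABLES  = ['betting_exchange', 'casinos', 'poker_rooms']; // assumed
const ALLOWED_COLUMNS = ['link_int_title', 'link_int', 'click_count'];   // assumed

/**
 * Validate an identifier against a whitelist and backtick-quote it.
 * Identifiers cannot be bound as parameters and escaping is the wrong tool,
 * so rejecting anything that is not on the list is the reliable check.
 */
function quoteIdent(string $name, array $allowed): string
{
    if (!in_array($name, $allowed, true)) {
        throw new InvalidArgumentException("identifier not permitted: $name");
    }
    return '`' . str_replace('`', '``', $name) . '`';
}

/**
 * Build the statement text. Only whitelisted identifiers and one of two fixed
 * literals are interpolated; the LIMIT values stay as placeholders.
 */
function blockListSql(string $table, string $sortColumn, string $sortDir): string
{
    $dir = strtoupper($sortDir);
    if ($dir !== 'ASC' && $dir !== 'DESC') {
        throw new InvalidArgumentException('sort direction must be ASC or DESC');
    }
    return sprintf(
        'SELECT %s, %s FROM %s ORDER BY %s %s LIMIT ?, ?',
        quoteIdent('link_int_title', ALLOWED_COLUMNS),
        quoteIdent('link_int', ALLOWED_COLUMNS),
        quoteIdent($table, ALLOWED_TABLES),
        quoteIdent($sortColumn, ALLOWED_COLUMNS),
        $dir
    );
}

/** Run the query with bound LIMIT values and return the rows as arrays. */
function fetchBlockList(mysqli $db, string $table, string $sortColumn,
                        string $sortDir, int $offset = 0, int $count = 5): array
{
    if ($offset < 0 || $count < 1) {
        throw new InvalidArgumentException('offset must be >= 0 and count >= 1');
    }
    $stmt = $db->prepare(blockListSql($table, $sortColumn, $sortDir));
    $stmt->bind_param('ii', $offset, $count);
    $stmt->execute();
    // get_result() needs the mysqlnd driver; use bind_result() on older builds.
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

/** Render the list, escaping every value before it reaches the HTML. */
function renderBlockList(array $rows): string
{
    $html = '';
    foreach ($rows as $row) {
        $html .= sprintf(
            '<li><a href="%s">%s</a></li>',
            htmlspecialchars($row['link_int'], ENT_QUOTES, 'UTF-8'),
            htmlspecialchars($row['link_int_title'], ENT_QUOTES, 'UTF-8')
        );
    }
    return $html;
}

// Usage, equivalent to the original call
// buildBlockList("link_int_title, link_int", "betting_exchange", "ORDER BY click_count DESC", "LIMIT 0, 5"):
$db = new mysqli('localhost', 'user', 'password', 'dbname'); // hypothetical credentials
$db->set_charset('utf8mb4');
echo renderBlockList(fetchBlockList($db, 'betting_exchange', 'click_count', 'DESC', 0, 5));

// A table name that is not on the whitelist is rejected before any SQL is built:
try {
    fetchBlockList($db, 'betting_exchange UNION SELECT 1, 2', 'click_count', 'DESC');
} catch (InvalidArgumentException $e) {
    echo $e->getMessage();
}
```

One caveat: prepared statements protect the query, not the page. The original loop echoes link_int and link_int_title straight into the HTML, so the rendering function above also passes every value through htmlspecialchars(); anything stored in those columns is untrusted output as far as the browser is concerned.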